Sourcefire VRT Rules Update
Date: 2011-03-29
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.4.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18579 <-> WEB-MISC HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (web-misc.rules, High)
18580 <-> FTP ACCT overflow attempt (ftp.rules, High)
18581 <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules, High)
18582 <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules, High)
18583 <-> WEB-CLIENT Microsoft Windows wmf integer overflow attempt (web-client.rules, High)
18584 <-> SPECIFIC-THREATS HP OpenView Network Node Manager HTTP handling buffer overflow attempt (specific-threats.rules, High)
18585 <-> SPECIFIC-THREATS Adobe Reader malformed TIFF remote code execution attempt (specific-threats.rules, High)
18586 <-> WEB-PHP Visuplay CMS news_article.php unspecified SQL injection attempt (web-php.rules, Medium)
18587 <-> SPECIFIC-THREATS HP OpenView Storage Data Protector Stack Buffer Overflow (specific-threats.rules, High)
18588 <-> FTP Wsftp XCRC overflow attempt (ftp.rules, High)
18589 <-> SPECIFIC-THREATS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (specific-threats.rules, High)
18590 <-> SPECIFIC-THREATS Outlook Express WAB file parsing buffer overflow attempt (specific-threats.rules, High)
18591 <-> SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow (specific-threats.rules, High)
18592 <-> SPECIFIC-THREATS Yahoo Music Jukebox ActiveX exploit (specific-threats.rules, High)
18593 <-> WEB-MISC BitTorrent torrent file download attempt (web-misc.rules, Low)
18594 <-> SPECIFIC-THREATS Trend Micro Web Deployment ActiveX clsid access (specific-threats.rules, High)
18595 <-> SPECIFIC-THREATS Trend Micro Web Deployment ActiveX clsid access (specific-threats.rules, High)
18596 <-> SPECIFIC-THREATS Adobe Reader and Acrobat util.printf buffer overflow attempt (specific-threats.rules, High)
18597 <-> SPECIFIC-THREATS Opera file URI handling buffer overflow (specific-threats.rules, High)
18598 <-> SPECIFIC-THREATS GoodTech SSH Server SFTP Processing Buffer Overflow (specific-threats.rules, High)
18599 <-> SPECIFIC-THREATS QuickTime PictureViewer buffer overflow attempt (specific-threats.rules, High)
18600 <-> SPECIFIC-THREATS QuickTime PictureViewer buffer overflow attempt (specific-threats.rules, High)
18601 <-> SPECIFIC-THREATS Microsoft Common Controls Animation Object ActiveX clsid access (specific-threats.rules, High)
18602 <-> SPECIFIC-THREATS CA BrightStor Agent for Microsoft SQL overflow attempt (specific-threats.rules, High)

Updated rules:
3007 <-> IMAP delete overflow attempt (imap.rules, Medium)
3008 <-> IMAP delete literal overflow attempt (imap.rules, Medium)
3114 <-> NETBIOS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (netbios.rules, High)
3695 <-> EXPLOIT Veritas Backup Agent password overflow attempt (exploit.rules, High)
4647 <-> WEB-CLIENT internet explorer javascript onload overflow attempt (web-client.rules, High)
7523 <-> DELETED SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (deleted.rules, Medium)
11004 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
11687 <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules, High)
12459 <-> WEB-ACTIVEX Microsoft Visual Studio 6 PDWizard.ocx ActiveX clsid access (web-activex.rules, High)
12616 <-> WEB-ACTIVEX Microsoft Visual Studio 6 PDWizard.ocx ActiveX function call access (web-activex.rules, High)
12629 <-> WEB-MISC sharepoint cross site scripting attempt (web-misc.rules, High)
12983 <-> WEB-CLIENT DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules, High)
14039 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
15143 <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules, High)
15144 <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules, High)
15484 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
15556 <-> DELETED EXPLOIT Symantec Alert Management System Intel File Transfer Service arbitrary program execution attempt (deleted.rules, High)
15994 <-> SPECIFIC-THREATS Squid strListGetItem denial of service attempt (specific-threats.rules, Medium)
16208 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects overflow attempt (web-client.rules, High)
16332 <-> EXPLOIT Symantec System Center Alert Management System arbitrary command execution attempt (exploit.rules, High)
16363 <-> POLICY potentially executable file upload via FTP (policy.rules, High)
16444 <-> EXPLOIT HP StorageWorks storage mirroring double take service code execution attempt (exploit.rules, High)
16516 <-> ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (oracle.rules, High)
16517 <-> WEB-CLIENT Free Download Manager .torrent parsing comment overflow attempt (web-client.rules, High)
16518 <-> WEB-CLIENT Free Download Manager .torrent parsing announce overflow attempt (web-client.rules, High)
16519 <-> WEB-CLIENT Free Download Manager .torrent parsing name overflow attempt (web-client.rules, High)
16520 <-> WEB-CLIENT Free Download Manager .torrent parsing path overflow attempt (web-client.rules, High)
16555 <-> WEB-MISC HP Openview Network Node Manager OvAcceptLang overflow attempt (web-misc.rules, High)
17239 <-> IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt (imap.rules, Medium)
17240 <-> IMAP Alt-N MDaemon IMAP server literal CREATE command buffer overflow attempt (imap.rules, Medium)
17314 <-> WEB-CLIENT OLE Document file download (web-client.rules, Low)
17458 <-> WEB-CLIENT BitDefender Internet Security script code execution attempt (web-client.rules, High)
17562 <-> SPECIFIC-THREATS Sun Java Runtime Environment Pack200 Decompression Integer Overflow attempt (specific-threats.rules, Medium)
17666 <-> WEB-CLIENT RealNetworks RealPlayer invalid chunk size heap overflow attempt (web-client.rules, High)
17706 <-> MISC Veritas NetBackup java user interface service format string attack attempt (misc.rules, High)
